Scott Guthrie just provided an update on an ASP.NET vulnerability and the availability of a patch to mitigate the issue. The patch will release today and everyone should start testing ASAP and planning the deployment to their servers.
The issue is apparently a denial-of-service problem rather than a systems-access issue, but because the attack is so easy to implement, it is expected that we’ll see attacks against the vulnerability very soon. System administrators should take this very seriously.
[UPDATE: I’ve heard talk that there may also be elevation-of-privileges issues but that is unconfirmed. Regardless, this should be installed as soon as reasonably possible.]